We have 1 public IP address and want to setup a one-to-many HIDE NAT for our VPN Clients on our network. Will this work? If so, can we put this NAT on a Windows 2000 RAS Server that sits behind a firewall (and uses NAT)?
The Windows 2000 RAS IPSec client will support NAT-traversal now or in the near future. However, in order for your remote users to get to the server, I believe the server must have its own publicly routable address, so it cannot be installed behind the NAT firewall. According to a Microsoft industry note, "Microsoft plans to support these extensions in the Windows .NET Server family and other industry leaders have NAT Traversal-capable VPN servers in development."